Check: SRG-VOIP-000370
Enterprise Voice, Video, and Messaging Policy SRG:
SRG-VOIP-000370
(in versions v1 r2 through v1 r1)
Title
The required dual-homed DISN Core or NIPRNet access circuits must follow geographically diverse paths from the CER(s) along the entire route to the geographically diverse SDNs. (Cat II impact)
Discussion
One way to provide the greatest reliability and availability for DISN services is to provide redundancy in the network pathways between the customer site and the redundant DISN SDNs. The DISN core network is designed to be highly reliable and available in support of the DOD mission. The most vulnerable part of the network is the access circuit from the enclave to the core and the path it takes from the SDN to the customer's site. Therefore, redundant access circuits should be provisioned. Physical pathways for communications network access circuits are vulnerable to physical disruption from a variety of threats, both natural and manmade. These threats range from storm damage (falling trees, floods) to damage from digging, downed utility poles, or malicious acts, including war and terrorism. To overcome the physical threat, the redundant circuits should follow geographically diverse paths.
Check Content
Inspect the documentation for the pathways taken by the access circuits to determine compliance with the requirement. Obtain the pathway documentation for the facilities on-site. Additionally, obtain information from the DISN core PMO and/or local carrier of the access circuits for the pathways off-site. Verify the ISSO maintains a copy for future inspections. Changes to the pathways must also be recorded and maintained. If the required dual-homed circuits follow the same path or are close enough anywhere along their length to be damaged by a single event, this is a finding.
Fix Text
Ensure dual-homed DISN Core or NIPRNet access circuits follow geographically diverse paths from the CER(s) along the entire route to the geographically diverse SDNs. Ensure each circuit uses different facilities such as cables, demarks, and digital cross connects in geographically diverse locations. Ensure geographic and facilities information is maintained on-site and off-site. Ensure the paths taken by the access circuits remain significantly separate along their entire length so that a single point of failure is not created.
Additional Identifiers
Rule ID: SV-259917r948763_rule
Vulnerability ID: V-259917
Group Title: SRG-VOIP-000370
CCIs
Number | Definition |
---|---|
CCI-001548 | Defines the information flow control policies for controlling the flow of information within the system. |
Controls
Number | Title |
---|---|
AC-4 | Information Flow Enforcement |